Quick Summary
Executive Summary
Lorenzoni Store, a consumer services company based in Italy, has been identified as a victim on the Stormous ransomware group’s dark web portal, with the listing published on June 24, 2026. This discovery was made through SOCRadar’s Dark Web Monitoring service. The organization operates within the consumer-facing commerce sector and appears to be one of several regional retail brands targeted by Stormous around the same period.
Technical Analysis
Stormous has targeted approximately 18 other victims in the 60 days preceding this listing, showing a pattern of attacks focused on the consumer services, business services, and financial services sectors. Geographically, their victims are located in Mexico, Italy, and Vietnam. Lorenzoni Store, listed alongside other Italian or consumer-services focused entities like Impulso Store, Montechiaro Store, Maglificio Liliana, and FANASA.COM, aligns with Stormous’s apparent focus on small-to-mid-sized e-commerce businesses. SOCRadar’s initial analysis of stealer-log telemetry did not return any records for lorenzoni-store.com, indicating that direct credential exposure through this specific data source was not found. However, this does not rule out other initial access methods, as credentials may have been harvested via personal email aliases, indexed under different domains, or surfaced in other threat intelligence feeds not covered by this particular lookup. Threat intelligence teams are advised to continue monitoring and implement proactive credential hygiene measures, rather than interpret a negative query result as exoneration. The absence of direct evidence in the stealer logs does not preclude the possibility of compromised credentials being used for initial access, a known tactic for ransomware groups like Stormous.